Ransomware-SL

So far in this series we've talked about how to protect yourself from getting (or spreading) ransomware and other malware through the various threat vectors. Now we are going to take a look at what to do if ransomware gets through your multiple layers of security and actually infects your network.

First, let's talk about what you don't want to do, which is pay the ransom. Several things may happen when you capitulate to the criminals:

They might not release your data. There's no guarantee that you will be able to decrypt your data just because you've paid the ransom.

You could be targeted in future attacks, and the ransom amounts will be higher. Criminals now know you are willing to pay, and they will punish you for not ‘learning your lesson’ the first time.

You contribute to the success of the criminals, and encourage them to continue spreading ransomware.

The application threat vector is one of the most vulnerable yet least understood. Put simply, web applications are things like webmail, online forms, banking sites, shopping sites, etc. These sites support complex user input scenarios and are usually completely exposed to the public. They are sometimes written with insecure code or developed in such a way that there are vulnerabilities inside the code. As such, these applications can be difficult to defend.

The Open Web Application Security Project, or OWASP, is one of the premier organizations focusing on applications and software security today. Every few years, OWASP will publish a list of the top 10 web application security risks worldwide. There is a new list being prepared for 2017, but here is the most recent list, from 2013:

For many people, the term “hacking” means that a criminal has broken through a firewall to get access to a network. The firewall is one of the easiest security concepts for people to understand, and is often thought of as the guard at the gate who provides entry based on a list of authorized visitors or other criteria. It helps that the term “firewall” originated outside of IT as a literal physical wall that was meant to prevent a fire from spreading, so the word itself was already in the public vernacular before the Internet was popular. “Firewall” is also one of the oldest internet security terms, having been formally introduced by academia in the 1980s. Because of the history and context of the term, it makes sense that people tend to think that the firewall is what gets “broken” in a hack.

Modern firewalls are much more than a gate that allows traffic in and out based on simple rules. The latest firewalls provide several other functions, such as DHCP, secure VPNs, link balancing, and more. As business needs have evolved with the rise of branch offices, remote workers, and SaaS applications, the network firewall has evolved to keep pace, aggressively protecting the network perimeter and providing the services needed to enable the business it protects.

In our last post, we talked about why email is the number one threat vector. In this post we'll talk about compromised web sites and why they pose such a risk.

Although compromised or malicious web sites are the second most common method of infecting victims with malware, this threat vector is often overlooked by users. Here are a few of the most common attacks that occur when a user visits a compromised web site:

So far in our series we've talked about ransomware, threat vectors, and the technologies that we use to protect you. Now let's take a look at email and why it's the biggest and most exploited threat vector of all.

The weakest point of security in any organization is the users, either due to a lack of awareness or security fatigue. Attackers know this, and they target users through email because, with a working email address, a malicious but well-crafted attack could easily get in front of a vulnerable employee. Attackers are also very determined, so they will continue to pursue a target-rich environment until they find a gap in defenses. A recent Consumer Affairs article reports that as many as one-third of AV scanners failed to find malware samples in a two-month test. That's why attackers keep trying, even when they know a company has anti-virus protection in place.

One of the most difficult things about securing your enterprise is that threats change so rapidly. You used to be able to defend yourself against specific types of threats, like viruses, and know that you were probably well-protected. Modern threats are completely different, which is why we have to approach security in terms of threat vectors and attack surfaces.

We identified six threat vectors in our last blog, and talked about why it's important to give each its own layer of protection. Threats are evolving quickly, and criminals are better at their work than ever before. The IT security industry has been developing new methods to protect the public from these threats. Here are some of the more significant innovations we've made in threat defense.

In our last post, we introduced this series and discussed the concept of ransomware. This time we'll talk about threat vectors and why you should be thinking in terms of threat vectors rather than specific attacks.

Put simply, threat vectors are the routes that malicious attacks may take to get past your defenses and infect your network. We will be talking about six threat vectors in particular:

Taking human hostages and exchanging them for money is a messy and very risky business. More often than not the kidnappers end up dead rather than rich. The same cannot be said for taking the data on your computer hostage and releasing it for a tidy payment. Your valuable data is usually not even taken from your computer: transporting and storing it is too much trouble and increases the likelihood of detection. It is simply encrypted, and the key is provided only after the payment is made. Ransomware has become a multi-billion-dollar industry (yes, we are talking billions). Just one variant, CryptoWall, might have netted over $325 million in one year of its existence.